public static async Task <bool> Decrypt(Stream inputStream, Stream outputStream, string userId, string password)
{
try
{
var sha256 = SHA256.Create();
using (var aes = new RijndaelManaged())
{
aes.Key = sha256.ComputeHash(Encoding.UTF8.GetBytes(password));
aes.IV = GetIvFrom(userId);
using (var decryptor = aes.CreateDecryptor())
{
using (CryptoStream csEncrypt = new CryptoStream(inputStream, decryptor, CryptoStreamMode.Read))
{
var buffer = new byte[2048];
var length = await csEncrypt.ReadAsync(buffer, 0, buffer.Length);
do
{
await outputStream.WriteAsync(buffer, 0, length);
length = await csEncrypt.ReadAsync(buffer, 0, buffer.Length);
} while (length > 0);
}
}
}
return(true);
}
catch (CryptographicException e)
{
throw e;
}
}
public async Task DecryptStreamAsync(Key key, Stream sourceStream, long sourceLength, Stream destinationStream, IProgress <KryptoProgress> progress = null, CancellationToken cancellationToken = default)
{
DateTime started = DateTime.Now;
long totalRead = 0;
using var alg = CreateAlg(key);
alg.IV = await ReadBytesAsync(sourceStream, IVSize, cancellationToken).ConfigureAwait(false);
if (progress != null)
{
sourceLength += alg.IV.Length;
totalRead += alg.IV.Length;
progress.Report(new KryptoProgress(started, totalRead, sourceLength, false));
}
using var decryptor = alg.CreateDecryptor();
using var cs = new CryptoStream(sourceStream, decryptor, CryptoStreamMode.Read, true);
if (progress == null)
{
await cs.CopyToAsync(destinationStream, Utilities.BUFFER_SIZE, cancellationToken).ConfigureAwait(false);
}
else
{
byte[] buffer = new byte[Utilities.BUFFER_SIZE];
int bytesRead;
do
{
#if NET472
bytesRead = await cs.ReadAsync(buffer, 0, buffer.Length, cancellationToken).ConfigureAwait(false);
#else
bytesRead = await cs.ReadAsync(buffer.AsMemory(0, buffer.Length), cancellationToken).ConfigureAwait(false);
#endif
if (bytesRead > 0)
{
#if NET472
await destinationStream.WriteAsync(buffer, 0, bytesRead, cancellationToken).ConfigureAwait(false);
#else
await destinationStream.WriteAsync(buffer.AsMemory(0, bytesRead), cancellationToken).ConfigureAwait(false);
#endif
totalRead += bytesRead;
progress?.Report(new KryptoProgress(started, totalRead, sourceLength, false));
}
} while (bytesRead > 0);
}
progress?.Report(new KryptoProgress(started, totalRead, totalRead, true));
}
public async Task <byte[]> Decrypt(ICryptoTransform decryptor, byte[] encrypted)
{
if (decryptor == null)
{
throw new ArgumentNullException("decryptor");
}
if (encrypted == null)
{
throw new ArgumentNullException("encrypted");
}
using (MemoryStream msDecrypt = new MemoryStream(encrypted))
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt,
decryptor, CryptoStreamMode.Read))
{
byte[] fromEncrypt = new byte[encrypted.Length];
int read = await csDecrypt.ReadAsync(fromEncrypt, 0,
fromEncrypt.Length);
if (read < fromEncrypt.Length)
{
byte[] clearBytes = new byte[read];
Buffer.BlockCopy(fromEncrypt, 0, clearBytes, 0, read);
return(clearBytes);
}
return(fromEncrypt);
}
}
private static async Task DecryptDataStreamAsync(
Stream data,
byte[] secret,
byte[] hash,
Stream destination,
CancellationToken cancellationToken
)
{
FindDataKeyAndIv(secret, hash, out byte[] dataKey, out byte[] dataIv);
using (var aes = Aes.Create())
{
// ReSharper disable once PossibleNullReferenceException
aes.KeySize = 256;
aes.Mode = CipherMode.CBC;
aes.Key = dataKey;
aes.IV = dataIv;
aes.Padding = PaddingMode.None;
using (var decrypter = aes.CreateDecryptor())
using (CryptoStream aesStream = new CryptoStream(data, decrypter, CryptoStreamMode.Read))
using (var sha256 = SHA256.Create())
using (CryptoStream shaStream = new CryptoStream(aesStream, sha256, CryptoStreamMode.Read))
{
byte[] paddingBuffer = new byte[256];
int read = await shaStream.ReadAsync(paddingBuffer, 0, 256, cancellationToken)
.ConfigureAwait(false);
byte paddingLength = paddingBuffer[0];
if (paddingLength < 32)
{
throw new PassportDataDecryptionException($"Data padding length is invalid: {paddingLength}.");
}
int actualDataLength = read - paddingLength;
if (actualDataLength < 1)
{
throw new PassportDataDecryptionException($"Data length is invalid: {actualDataLength}.");
}
await destination.WriteAsync(paddingBuffer, paddingLength, actualDataLength, cancellationToken)
.ConfigureAwait(false);
// 81920 is the default Stream.CopyTo buffer size
// The overload without the buffer size does not accept a cancellation token
const int defaultBufferSize = 81920;
await shaStream.CopyToAsync(destination, defaultBufferSize, cancellationToken)
.ConfigureAwait(false);
byte[] paddedDataHash = sha256.Hash;
for (int i = 0; i < hash.Length; i++)
{
if (hash[i] != paddedDataHash[i])
{
throw new PassportDataDecryptionException($"Data hash mismatch at position {i}.");
}
}
}
}
}
public static async Task <string> DecryptAsync(string data)
{
string decrypted;
byte[] dataBytes = Convert.FromBase64String(data);
using (AesManaged aes = new AesManaged())
{
aes.Mode = CipherMode.CBC;
aes.KeySize = 256;
aes.BlockSize = 128;
aes.FeedbackSize = 128;
aes.Padding = PaddingMode.Zeros;
aes.Key = System.Text.Encoding.UTF8.GetBytes(AppSettings.GetEntry("AesKey"));
aes.IV = System.Text.Encoding.UTF8.GetBytes(AppSettings.GetEntry("AesIV"));
// aes.GenerateIV();
ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
using (MemoryStream ms = new MemoryStream(dataBytes))
{
using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
{
byte[] buffer = new byte[dataBytes.Length];
await cs.ReadAsync(buffer, 0, buffer.Length);
decrypted = Encoding.UTF8.GetString(buffer);
}
}
}
return(decrypted);
}
public async Task <byte[]> DecryptAsync(byte[] data, string password)
{
if (data is null)
{
throw new ArgumentNullException(nameof(data));
}
if (string.IsNullOrEmpty(password))
{
throw new ArgumentNullException(nameof(password));
}
using (var deriveBytes = new Rfc2898DeriveBytes(password, _salt))
using (var symmetricKey = new RijndaelManaged {
Mode = CipherMode.CBC, Padding = PaddingMode.None
})
using (var decryptor = symmetricKey.CreateDecryptor(deriveBytes.GetBytes(256 / 8), _rgbIV))
using (var memoryStream = new MemoryStream(data))
using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
var decrypted = new byte[data.Length];
var decryptedByteCount = await cryptoStream.ReadAsync(decrypted, 0, decrypted.Length);
return(decrypted.TakeWhile(c => c != '\0').ToArray());
}
}
public async Task DecryptAsync(Stream source, Stream dest, byte[] key)
{
source.Seek(0, SeekOrigin.End);
int size = (int)source.Position;
source.Seek(0, SeekOrigin.Begin);
_cryptoProvider.Key = key;
var ivBuffer = new byte[IvSize];
await source.ReadAsync(ivBuffer, 0, IvSize);
_cryptoProvider.IV = ivBuffer;
var keyHash = new byte[HashSize];
await source.ReadAsync(keyHash, 0, HashSize);
if (!Enumerable.SequenceEqual(_hashProvider.ComputeHash(key), keyHash))
{
throw new InvalidKeyException();
}
using (var cs = new CryptoStream(source, _cryptoProvider.CreateDecryptor(), CryptoStreamMode.Read))
{
var buffer = new byte[size];
await cs.ReadAsync(buffer, 0, size);
await dest.WriteAsync(buffer, 0, size);
}
}
public override async Task <int> ReadAsync(byte[] buffer, int offset, int count, CancellationToken ct)
{
if (_isDisposed)
{
throw new ObjectDisposedException("AESDecryptStream");
}
if (_cryptoStream == null)
{
var ivLengthBytes = new byte[4];
var read = await _internalStream.ReadAsync(ivLengthBytes, 0, 4, ct).ConfigureAwait(false);
if (read != 4)
{
throw new InvalidOperationException("Stream did not have enough data for IV length");
}
var ivLength = BitConverter.ToInt32(ivLengthBytes, 0);
var iv = new byte[ivLength];
read = await _internalStream.ReadAsync(iv, 0, ivLength, ct).ConfigureAwait(false);
if (read != ivLength)
{
throw new InvalidOperationException("Stream did not have enough data for IV");
}
var aesProvider = new RijndaelManaged();
aesProvider.Key = _aesKey;
aesProvider.IV = iv;
var decryptor = aesProvider.CreateDecryptor();
_cryptoStream = new CryptoStream(_internalStream, decryptor, CryptoStreamMode.Read);
}
return(await _cryptoStream.ReadAsync(buffer, offset, count, ct).ConfigureAwait(false));
}
public override async Task <int> ReadAsync(byte[] buffer, int offset, int count, CancellationToken ct)
{
if (_isDisposed)
{
throw new ObjectDisposedException("AESEncryptStream");
}
int read = 0;
if (_initialBytes != null)
{
var max = _initialBytes.Length - _initialBytesWritten;
var length = Math.Min(count, max);
Buffer.BlockCopy(_initialBytes, _initialBytesWritten, buffer, offset, length);
read += length;
offset += length;
count -= length;
_initialBytesWritten += length;
if (_initialBytesWritten >= _initialBytes.Length)
{
_initialBytes = null;
}
}
if (count > 0)
{
read += await _cryptoStream.ReadAsync(buffer, offset, count, ct).ConfigureAwait(false);
}
return(read);
}
public async Task <T> DeserializeAsync <T>(Stream source, byte[] key)
{
_cryptoProvider.Key = key;
var ivBuffer = new byte[IvSize];
await source.ReadAsync(ivBuffer, 0, IvSize);
_cryptoProvider.IV = ivBuffer;
var keyHash = new byte[HashSize];
await source.ReadAsync(keyHash, 0, HashSize);
if (!Enumerable.SequenceEqual(_hashProvider.ComputeHash(key), keyHash))
{
throw new InvalidKeyException();
}
using (var ms = new MemoryStream())
{
using (var cs = new CryptoStream(source, _cryptoProvider.CreateDecryptor(), CryptoStreamMode.Read))
{
var buffer = new byte[BufferSize];
int bytesRead = 0;
while ((bytesRead = await cs.ReadAsync(buffer, 0, buffer.Length)) > 0)
{
ms.Write(buffer, 0, bytesRead);
}
ms.Seek(0, SeekOrigin.Begin);
return((T) new BinaryFormatter().Deserialize(ms));
}
}
}
public async static Task <string> DecryptAsync(string cipherText, string passPhrase)
{
var cipherTextBytes = Convert.FromBase64String(cipherText);
using (var password = new Rfc2898DeriveBytes(passPhrase, InitVectorBytes))
{
var keyBytes = password.GetBytes(Keysize / 8);
using (var symmetricKey = new RijndaelManaged())
{
symmetricKey.Mode = CipherMode.CBC;
symmetricKey.Padding = PaddingMode.PKCS7;
using (var decryptor = symmetricKey.CreateDecryptor(keyBytes, InitVectorBytes))
{
using (var memoryStream = new MemoryStream(cipherTextBytes))
{
using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
var plainTextBytes = new byte[cipherTextBytes.Length];
var decryptedByteCount = await cryptoStream.ReadAsync(plainTextBytes, 0, plainTextBytes.Length);
return(Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount));
}
}
}
}
}
}
public async Task <byte[]> DecryptBytes(byte[] bytes)
{
try
{
PartialDecryptionBuffer = PartialDecryptionBuffer.Concat(bytes).ToArray();
var iv = PartialDecryptionBuffer.Take(16).ToArray();
using (var aes = Aes.Create())
{
aes.Key = Key;
aes.IV = iv;
int bytesRead;
byte[] buffer;
using (var decryptor = aes.CreateDecryptor(Key, iv))
{
using (var ms = new MemoryStream(PartialDecryptionBuffer.Skip(16).ToArray()))
{
using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
{
buffer = new byte[PartialDecryptionBuffer.Skip(16).Count()];
bytesRead = await cs.ReadAsync(buffer, 0, buffer.Length);
}
PartialDecryptionBuffer = new byte[0];
return(buffer.Take(bytesRead).ToArray());
}
}
}
}
catch
{
return(null);
}
}
/// <summary>
/// Decrypts a <paramref name="cipher"/>.
/// </summary>
/// <param name="cipher">The cipher.</param>
/// <param name="key">The encryption secret.</param>
/// <param name="iv">The encryption initialization vector.</param>
/// <returns>The plain data.</returns>
/// <exception cref="ArgumentNullException">Thrown if either
/// <paramref name="cipher"/>, <paramref name="key"/>,
/// or <paramref name="iv"/> is null.</exception>
/// <exception cref="ArgumentOutOfRangeException">Thrown if the length
/// of either <paramref name="key"/> is not 32 or of
/// <paramref name="iv"/> is not 16.</exception>
public static async Task <byte[]> Decrypt(byte[] cipher, byte[] key, byte[] iv)
{
if (cipher == null)
{
throw new ArgumentNullException(nameof(cipher));
}
if (key == null)
{
throw new ArgumentNullException(nameof(key));
}
if (key.Length != 32)
{
throw new ArgumentOutOfRangeException(nameof(key));
}
if (iv == null)
{
throw new ArgumentNullException(nameof(iv));
}
if (iv.Length != 16)
{
throw new ArgumentOutOfRangeException(nameof(iv));
}
byte[] data = null;
if (cipher.Length > 0)
{
using (Aes aes = Aes.Create())
{
aes.Key = key;
aes.IV = iv;
ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
using (MemoryStream memoryStream = new MemoryStream(cipher))
{
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
using (MemoryStream outputStream = new MemoryStream())
{
int?roundLength = null;
var roundBuffer = new byte[1024];
while ((roundLength == null) || (roundLength == roundBuffer.Length))
{
roundLength = await cryptoStream.ReadAsync(roundBuffer, 0, roundBuffer.Length);
if (roundLength > 0)
{
await outputStream.WriteAsync(roundBuffer, 0, roundLength.Value);
}
}
data = outputStream.ToArray();
}
}
}
}
}
return(data);
}
public async Task <byte[]> DecryptBytes(byte[] cipherText, byte[] key, byte[] iv)
{
// Check arguments.
if (cipherText == null || cipherText.Length <= 0)
{
throw new ArgumentNullException(Constants.SCipherText);
}
if (key == null || key.Length <= 0)
{
throw new ArgumentNullException(Constants.Key);
}
if (iv == null || iv.Length <= 0)
{
throw new ArgumentNullException(Constants.IV);
}
// Declare the RijndaelManaged object
// used to decrypt the data.
AesCryptoServiceProvider aesAlg = null;
// Declare the string used to hold
// the decrypted text.
byte[] buffer;
// Create a RijndaelManaged object
// with the specified key and IV.
using (aesAlg = new AesCryptoServiceProvider())
{
//aesAlg.Mode = CipherMode.CBC;
aesAlg.Padding = PaddingMode.PKCS7;
aesAlg.Key = key;
aesAlg.IV = iv;
// Create a decrytor to perform the stream transform.
using (ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV))
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
byte[] tempbuffer = new byte[cipherText.Length];
int totalBytesRead = await csDecrypt.ReadAsync(tempbuffer, 0, tempbuffer.Length);
await csDecrypt.FlushAsync();
buffer = tempbuffer.Take(totalBytesRead).ToArray();
}
}
// Clear the RijndaelManaged object.
if (aesAlg != null)
{
aesAlg.Clear();
}
return(buffer);
}
public static async Task AES_Decrypt(string inputFile, byte[] passwordBytes)
{
if (!inputFile.ToLower().EndsWith(Extension))
{
return;
}
//todo:
// - create error message on wrong password
// - on cancel: close and delete file
// - on wrong password: close and delete file!
// - create a better filen name
// - could be check md5 hash on the files but it make this slow
var buffer = new byte[BufferSize];
try
{
using (var fsCrypt = File.OpenRead(inputFile))
{
var salt = new byte[SaltLength];
fsCrypt.Read(salt, 0, salt.Length);
var AES = new RijndaelManaged
{
KeySize = KeySize,
BlockSize = BlockSize,
Padding = PaddingMode.PKCS7,
Mode = CipherMode.CFB
};
var key = new Rfc2898DeriveBytes(passwordBytes, salt, IterationCount);
AES.Key = key.GetBytes(AES.KeySize / 8);
AES.IV = key.GetBytes(AES.BlockSize / 8);
using (var cs = new CryptoStream(fsCrypt, AES.CreateDecryptor(), CryptoStreamMode.Read))
{
inputFile = inputFile.Substring(0, inputFile.Length - Extension.Length);
using (var fsOut = new FileStream(inputFile, FileMode.Create))
{
int read;
while ((read = await cs.ReadAsync(buffer, 0, buffer.Length)) > 0)
{
fsOut.Write(buffer, 0, read);
}
}
}
}
}
catch (CryptographicException exCryptographicException)
{
Debug.WriteLine("CryptographicException error: " + exCryptographicException.Message);
}
catch (Exception ex)
{
Debug.WriteLine("Error: " + ex.Message);
}
}
public void GenerateRandom()
{
byte[] rng = new byte[Program.RNG_COUNT * Program.INT_SIZE];
using (SymmetricAlgorithm salsa20 = new Salsa20())
using (ICryptoTransform encrypt = salsa20.CreateEncryptor(Guid.NewGuid().ToByteArray(),
Guid.NewGuid().ToByteArray().Take(8).ToArray()))
using (MemoryStream streamInput = new MemoryStream(rng, false))
using (CryptoStream streamEncrypted = new CryptoStream(streamInput, encrypt, CryptoStreamMode.Read))
{
streamEncrypted.ReadAsync(rng).GetAwaiter().GetResult();
}
}
private static async Task DecryptAsync(string InputPath)
{
// Get password from user.
// TODO: Hide and confirm password.
ThreadsafeConsole.Write("Enter password: "******"Output filename is {outputFilename}.");
// Generate key from password (provided by user) and salt (stored in encrypted file).
using (var keyDerivation = KeyDerivation.Create(encryptedFileHeader.KeyDerivationAlgorithm, password, encryptedFileHeader.Salt, encryptedFileHeader.KeyDerivationIterations))
{
var key = keyDerivation.GetBytes(encryptedFileHeader.KeyLength);
ThreadsafeConsole.WriteLine($"Encryption key (derived from password and salt) is {Convert.ToBase64String(key)}.");
ThreadsafeConsole.WriteLine($"Cipher initialization vector is {Convert.ToBase64String(encryptedFileHeader.InitializationVector)}.");
// Create cipher from key (see above) plus algorithm name and initialization vector (stored in unencrypted header at beginning of encrypted file).
// Create decrypting input stream.
using (var cipher = Cipher.Create(encryptedFileHeader.CipherAlgorithm))
using (var decryptor = cipher.CreateDecryptor(key, encryptedFileHeader.InitializationVector))
await using (var cryptoStream = new CryptoStream(inputFileStream, decryptor, CryptoStreamMode.Read))
await using (var outputFileStream = File.Open(outputFilename, FileMode.CreateNew, FileAccess.Write, FileShare.None))
{
// To limit memory usage, repeatedly read a small block from input stream and write it to the decrypted output stream.
var buffer = new byte[cipher.BlockSize];
int bytesRead;
while ((bytesRead = await cryptoStream.ReadAsync(buffer, 0, buffer.Length)) > 0)
{
await outputFileStream.WriteAsync(buffer, 0, bytesRead);
}
}
}
}
var encryptionDuration = _stopwatch.Elapsed - encryptionStart;
ThreadsafeConsole.WriteLine($"Wrote decrypted file to {outputFilename}.");
ThreadsafeConsole.WriteLine($"Decryption took {encryptionDuration.TotalSeconds.ToString(_elapsedSecondsFormat)} seconds.");
}
public override async Task <int> ReadAsync(byte[] buffer, int offset, int count, CancellationToken cancellationToken)
{
if (mode != CryptoStreamMode.Read)
{
throw new InvalidOperationException("You cannot read from a stream in write mode.");
}
if (HasFlushedFinalBlock)
{
throw new InvalidOperationException("You cannot write on the stream when the final block was already flushed.");
}
if (buffer == null)
{
throw new ArgumentNullException(nameof(buffer));
}
int done = 0;
if (first)
{
if (operation == CryptographicOperation.Encrypt)
{
Array.Copy(iv, 0, buffer, offset, 16); // copy iv to encrypted output
done += 16; // the method returns the iv so it has to be counted
offset += 16;
count -= 16;
transform = csp.CreateEncryptor(key, iv);
shaStream = new CryptoStream(stream, sha, CryptoStreamMode.Read); // compute SHA256 of plain data
aesStream = new CryptoStream(shaStream, transform, CryptoStreamMode.Read); // encrypt after computing hash
topStream = aesStream; // Following operations will be done on this stream.
first = false;
}
else // CryptographicOperation.Decrypt
{
iv = new byte[16];
if (await stream.ReadAsync(iv, 0, 16).ConfigureAwait(false) < 16)
{
return(-1); // read iv from stream
}
// The method does not return an iv and its length is ignored.
transform = csp.CreateDecryptor(key, iv);
aesStream = new CryptoStream(stream, transform, CryptoStreamMode.Read); // first decrypt data
shaStream = new CryptoStream(aesStream, sha, CryptoStreamMode.Read); // then compute hash of the plain data
topStream = shaStream; // Following operations will be done on this stream.
first = false;
}
}
done += await topStream.ReadAsync(buffer, offset, count).ConfigureAwait(false);
_position += done;
return(done);
}
public async Task <byte[]> Decrypt(byte[] input)
{
var decryptor = CreateDecryptor();
var inputBytes = Convert.FromBase64String(Convert.ToBase64String(input));
byte[] plainTextBytes = new byte[inputBytes.Length];
using MemoryStream memoryStream = new MemoryStream(inputBytes);
using CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
await cryptoStream.ReadAsync(plainTextBytes, 0, plainTextBytes.Length);
return(plainTextBytes);
}
public override async Task <int> ReadAsync(byte[] buffer, int offset, int count, CancellationToken cancellationToken)
{
if (mode != CryptoStreamMode.Read)
{
throw new InvalidOperationException("You cannot read from a stream in write mode.");
}
if (buffer == null)
{
throw new ArgumentNullException(nameof(buffer));
}
int done = await shaStream.ReadAsync(buffer, offset, count).ConfigureAwait(false);
_position += done;
return(done);
}
public async Task <byte[]> DecryptAsync(Stream cypherStream)
{
using TripleDES des = TripleDES.Create();
var pdb = new Rfc2898DeriveBytes(encryptionKey.ToInsecureString(),
salt);
des.Key = pdb.GetBytes(keySize);
des.IV = pdb.GetBytes(ivSize);
using var cs = new CryptoStream(cypherStream,
des.CreateDecryptor(),
CryptoStreamMode.Read);
byte[] fromEncrypt = new byte[cypherStream.Length];
await cs.ReadAsync(fromEncrypt.AsMemory(0, fromEncrypt.Length));
cs.Close();
return(TrimNullByte(fromEncrypt));
}
public async Task <string> DecryptStringAsync(string encryptedData, byte[] key, byte[] iv, CancellationToken cancellationToken = default(CancellationToken))
{
var cipherTextBytes = Convert.FromBase64String(encryptedData);
var plainTextBytes = new byte[cipherTextBytes.Length];
using (var rijndael = System.Security.Cryptography.Rijndael.Create())
using (var memoryStream = new MemoryStream(cipherTextBytes))
using (var cryptoStream = new CryptoStream(memoryStream, rijndael.CreateDecryptor(key, iv), CryptoStreamMode.Read))
{
var decryptedByteCount = await cryptoStream.ReadAsync(plainTextBytes, 0, plainTextBytes.Length, cancellationToken).ConfigureAwait(false);
memoryStream.Close();
cryptoStream.Close();
rijndael.Clear();
return(Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount));
}
}
public async Task <string> Decrypt(string encryptedText, AppSettings appsettings)
{
byte[] cipherTextBytes = Convert.FromBase64String(encryptedText);
byte[] keyBytes = new Rfc2898DeriveBytes(appsettings.SecretSystemHashKey, Encoding.ASCII.GetBytes(appsettings.SystemSaltKey)).GetBytes(256 / 8);
byte[] plainTextBytes = new byte[cipherTextBytes.Length];
int decryptedByteCount;
using (var symmetricKey = new RijndaelManaged()
{
Mode = CipherMode.CBC, Padding = PaddingMode.None
})
using (var decryptor = symmetricKey.CreateDecryptor(keyBytes, Encoding.ASCII.GetBytes(appsettings.SystemIVKey)))
using (var memoryStream = new MemoryStream(cipherTextBytes))
using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
decryptedByteCount = await cryptoStream.ReadAsync(plainTextBytes, 0, plainTextBytes.Length);
}
return(Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount).TrimEnd('\0'));
}
public static async Task <MemoryStream> DecryptFileAsync(string inputFile, string password)
{
MemoryStream memoryStream = null;
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
byte[] salt = new byte[32];
try
{
using (FileStream inputFileStream = new FileStream(inputFile, FileMode.Open))
{
await inputFileStream.ReadAsync(salt, 0, salt.Length);
var AES = DefaultAESWithKey(new Rfc2898DeriveBytes(passwordBytes, salt, HashRate));
using (CryptoStream cryptoStream = new CryptoStream(inputFileStream, AES.CreateDecryptor(), CryptoStreamMode.Read))
{
memoryStream = new MemoryStream();
int read;
byte[] buffer = new byte[1048576];
while ((read = await cryptoStream.ReadAsync(buffer, 0, buffer.Length)) > 0)
{
await memoryStream.WriteAsync(buffer, 0, buffer.Length);
}
memoryStream.Position = 0;
}
}
}
catch (Exception e)
{
//System.Windows.MessageBox.Show($"Method: DecryptFile() failed.\n\nMessage: { e.Message }\n\nInnerException: { e.InnerException }");
return(null);
}
return(memoryStream);
}
private static async Task <byte[]> HashFileAsync(string path, HashAlgorithm hash)
{
using (hash) // Automatically dispose argument after usage
using (FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read))
using (CryptoStream cs = new CryptoStream(fs, hash, CryptoStreamMode.Read))
{
byte[] buffer = new byte[8192];
while (true)
{
if (await cs.ReadAsync(buffer, 0, buffer.Length) < buffer.Length)
{
if (!cs.HasFlushedFinalBlock)
{
cs.FlushFinalBlock();
}
return(hash.Hash);
}
}
}
}
/// <summary>
/// Computes the hash value for the specified <see cref="Stream"/> object asynchronously.
/// </summary>
/// <param name="hashAlgorithm">The cryptographic hash algorithm.</param>
/// <param name="stream">The input to compute the hash code for.</param>
/// <param name="cancellationToken">The token to monitor for cancellation requests.</param>
/// <returns>A task that represents the asynchronous compute operation. The value of the task's <see cref="Task{TResult}.Result"/> parameter contains the computed hash code.</returns>
public async Task <byte[]> ComputeHashAsync(HashAlgorithm hashAlgorithm, Stream stream, CancellationToken cancellationToken)
{
Argument.NotNull(hashAlgorithm, nameof(hashAlgorithm));
Argument.NotNull(stream, nameof(stream));
using (var decoratedStream = new ControlDisposalStreamDecorator(stream, leaveOpen: true))
using (var cryptoStream = new CryptoStream(decoratedStream, hashAlgorithm, CryptoStreamMode.Read))
{
byte[] buffer = new byte[BufferSize];
int read;
while ((read = await cryptoStream
.ReadAsync(buffer, 0, buffer.Length, cancellationToken)
.ConfigureAwait(Await.Default)) > 0)
{
}
return(hashAlgorithm.Hash);
}
}
public async static Task <string> Decrypt(string cipherText, string passPhrase)
{
// Get the complete stream of bytes that represent:
// [32 bytes of Salt] + [16 bytes of IV] + [n bytes of CipherText]
var cipherTextBytesWithSaltAndIv = Convert.FromBase64String(cipherText);
// Get the saltbytes by extracting the first 16 bytes from the supplied cipherText bytes.
var saltStringBytes = cipherTextBytesWithSaltAndIv.Take(Keysize / 8).ToArray();
// Get the IV bytes by extracting the next 16 bytes from the supplied cipherText bytes.
var ivStringBytes = cipherTextBytesWithSaltAndIv.Skip(Keysize / 8).Take(Keysize / 8).ToArray();
// Get the actual cipher text bytes by removing the first 64 bytes from the cipherText string.
var cipherTextBytes = cipherTextBytesWithSaltAndIv.Skip((Keysize / 8) * 2).Take(cipherTextBytesWithSaltAndIv.Length - ((Keysize / 8) * 2)).ToArray();
using (var password = new Rfc2898DeriveBytes(passPhrase, saltStringBytes, DerivationIterations))
{
var keyBytes = password.GetBytes(Keysize / 8);
using (var symmetricKey = new RijndaelManaged())
{
symmetricKey.BlockSize = 128;
symmetricKey.Mode = CipherMode.CBC;
symmetricKey.Padding = PaddingMode.PKCS7;
using (var decryptor = symmetricKey.CreateDecryptor(keyBytes, ivStringBytes))
{
using (var memoryStream = new MemoryStream(cipherTextBytes))
{
using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
var plainTextBytes = new byte[cipherTextBytes.Length];
var decryptedByteCount = await cryptoStream.ReadAsync(plainTextBytes, 0, plainTextBytes.Length);
memoryStream.Close();
cryptoStream.Close();
return(Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount));
}
}
}
}
}
}
public static async Task <byte[]> DecryptAsync(byte[] value, IEncryptionCredentials credentials,
CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
if (value == null || value.Length == 0)
{
return(value);
}
byte[] passwordBytes = null;
byte[] saltBytes = null;
byte[] initialVectorBytes = null;
byte[] derivedBytes = null;
byte[] valueBytes = null;
byte[] buffer = null;
try
{
passwordBytes = credentials.Password.ToByteArray(Encoding.ASCII, clearAfterUse: true);
saltBytes = credentials.Salt.ToByteArray(Encoding.ASCII, clearAfterUse: true);
initialVectorBytes = credentials.InitialVector.ToByteArray(Encoding.ASCII, clearAfterUse: true);
var passwordIterations = credentials.PasswordIterations;
var keySize = credentials.KeySize;
valueBytes = Convert.FromBase64String(Encoding.ASCII.GetString(value));
buffer = new byte[valueBytes.Length];
using var rfcDeriveBytes = new Rfc2898DeriveBytes(passwordBytes, saltBytes, passwordIterations);
using var aesManaged = new AesManaged { Mode = CipherMode.CBC };
derivedBytes = rfcDeriveBytes.GetBytes(keySize / 8);
using var decryptor = aesManaged.CreateDecryptor(derivedBytes, initialVectorBytes);
await using var memoryStream = new MemoryStream(valueBytes);
await using var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
var count = await cryptoStream.ReadAsync(buffer, 0, buffer.Length, cancellationToken);
memoryStream.Close();
cryptoStream.Close();
aesManaged.Clear();
Array.Resize(ref buffer, count);
return(buffer);
}
finally
{
if (buffer != null && buffer.Any())
{
Array.Clear(buffer, 0, buffer.Length);
}
if (passwordBytes != null && passwordBytes.Any())
{
Array.Clear(passwordBytes, 0, passwordBytes.Length);
}
if (valueBytes != null && valueBytes.Any())
{
Array.Clear(valueBytes, 0, valueBytes.Length);
}
if (saltBytes != null && saltBytes.Any())
{
Array.Clear(saltBytes, 0, saltBytes.Length);
}
if (initialVectorBytes != null && initialVectorBytes.Any())
{
Array.Clear(initialVectorBytes, 0, initialVectorBytes.Length);
}
if (derivedBytes != null && derivedBytes.Any())
{
Array.Clear(derivedBytes, 0, derivedBytes.Length);
}
}
}
public async Task <string> DecryptWithKey(byte[] key, EncryptedPayload encryptedData, Encoding encoding = null)
{
if (encoding == null)
{
encoding = Encoding.UTF8;
}
byte[] rawData = encryptedData.data.FromHex();
byte[] iv = encryptedData.iv.FromHex();
byte[] hmacReceived = encryptedData.hmac.FromHex();
using (HMACSHA256 hmac = new HMACSHA256(key))
{
hmac.Initialize();
byte[] toSign = new byte[iv.Length + rawData.Length];
//copy our 2 array into one
Buffer.BlockCopy(rawData, 0, toSign, 0, rawData.Length);
Buffer.BlockCopy(iv, 0, toSign, rawData.Length, iv.Length);
byte[] signature = hmac.ComputeHash(toSign);
if (!signature.SequenceEqual(hmacReceived))
{
throw new InvalidDataException("HMAC Provided does not match expected"); //Ignore
}
}
using (AesManaged cryptor = new AesManaged())
{
cryptor.Mode = CipherMode.CBC;
cryptor.Padding = PaddingMode.PKCS7;
cryptor.KeySize = 256;
cryptor.IV = iv;
cryptor.Key = key;
ICryptoTransform decryptor = cryptor.CreateDecryptor(cryptor.Key, cryptor.IV);
using (MemoryStream ms = new MemoryStream(rawData))
{
using (MemoryStream sink = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
{
int read = 0;
byte[] buffer = new byte[1024];
do
{
read = await cs.ReadAsync(buffer, 0, buffer.Length);
if (read > 0)
{
await sink.WriteAsync(buffer, 0, read);
}
} while (read > 0);
await cs.FlushAsync();
return(encoding.GetString(sink.ToArray()));
}
}
}
}
}
public static async Task <bool> AppendStringToFile(string fileName, string plainText, byte[] key, byte[] iv)
{
try
{
using (Rijndael algo = Rijndael.Create())
{
algo.Key = key;
// The IV is set below
algo.Mode = CipherMode.CBC;
algo.Padding = PaddingMode.PKCS7;
// Create the streams used for encryption.
using (FileStream file = new FileStream(fileName, FileMode.OpenOrCreate, FileAccess.ReadWrite))
{
byte[] previous = null;
int previousLength = 0;
long length = file.Length;
// No check is done that the file is correct!
if (length != 0)
{
// The IV length is equal to the block length
byte[] block = new byte[iv.Length];
if (length >= iv.Length * 2)
{
// At least 2 blocks, take the penultimate block
// as the IV
file.Position = length - iv.Length * 2;
file.Read(block, 0, block.Length);
algo.IV = block;
}
else
{
// A single block present, use the IV given
file.Position = length - iv.Length;
algo.IV = iv;
}
// Read the last block
file.Read(block, 0, block.Length);
// And reposition at the beginning of the last block
file.Position = length - iv.Length;
// We use a MemoryStream because the CryptoStream
// will close the Stream at the end
using (var ms = new MemoryStream(block))
// Create a decrytor to perform the stream transform.
using (ICryptoTransform decryptor = algo.CreateDecryptor())
using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
{
// Read all data from the stream. The decrypted last
// block can be long up to block length characters
// (so up to iv.Length) (this with AES + CBC)
previous = new byte[iv.Length];
previousLength = await cs.ReadAsync(previous, 0, previous.Length);
}
}
else
{
// Use the IV given
algo.IV = iv;
}
// Create an encryptor to perform the stream transform.
using (ICryptoTransform encryptor = algo.CreateEncryptor())
using (CryptoStream cs = new CryptoStream(file, encryptor, CryptoStreamMode.Write))
using (StreamWriter sw = new StreamWriter(cs))
{
// Rewrite the last block, if present. We even skip
// the case of block present but empty
if (previousLength != 0)
{
await cs.WriteAsync(previous, 0, previousLength);
}
// Write all data to the stream.
await sw.WriteAsync(plainText);
}
}
}
return(true);
}
catch (Exception ex)
{
throw ex;
}
}